International Finance
MagazineTechnology

The Great Cloud Exodus and Return to Data Sovereignty

The Great Cloud Exodus
Soaring subscription costs, AI data scraping, and the sudden shutdown of platforms people trusted have pushed businesses and researchers toward a new kind of computing, one where your files live on your own machine, not someone else's server

There is a quiet revolution happening in the way businesses and researchers think about their files, documents, and knowledge. For years, people simply moved everything to the cloud. Store your work on Notion, collaborate over Slack, edit in Google Docs, and let the internet handle the rest. That consensus is fracturing.

A growing number of power users, including software developers, financial analysts, academic researchers, and security-conscious companies, are pulling their data back. They are moving away from cloud platforms and building systems where their information lives locally, on their own devices, under their own control. The reasons are financial, legal, and deeply personal. Subscription prices have ballooned out of control. Platforms have quietly started using customer data to train artificial intelligence. Some services have simply shut down, leaving users stranded with no way out.

This is not a fringe reaction confined to paranoid engineers, but a structural shift in how organisations think about intellectual property, and it is being driven by hard numbers.

The Bill That Keeps Growing
The most immediate driver of this shift is cost. Cloud software is getting significantly more expensive, and far faster than almost anything else in the economy.

Data drawn from over $30 billion in tracked global software spending shows that SaaS-specific inflation, meaning price rises across subscription software products specifically, reached 13.2% in early 2026. In late 2025, it peaked even higher, hitting 14.7% just as most large enterprises were going through their year-end renewal cycles, which is hardly a coincidence. For context, general consumer price inflation across G7 economies sits around 2.7%. Software costs, in other words, are rising nearly five times faster than the price of everything else.

The consequences are visible on corporate balance sheets. The average company now spends roughly $9,100 per employee per year on software, a rise of 27% over just two years. Software’s share of total IT budgets has climbed from 13% five years ago to 21% today, a jump so steep that in several companies it now exceeds what they spend on employee healthcare coverage. Roughly 79% of IT leaders reported facing price increases at their last renewal cycle, suggesting this is no longer an occasional shock, but the new default behaviour of the industry.

The price increases themselves are not subtle. Salesforce has pushed its top-tier enterprise licencing cost to $500 per seat per month, after consecutive price hikes in 2023 and 2025. Slack raised its Business+ subscription by 20%, taking it to $15 per user monthly. Zendesk has been charging customer service teams up to $115 per agent monthly, with AI features tagged on as a separate $25 to $50 add-on. Adobe quietly restructured its Creative Cloud offering, stripping mobile apps and AI features out of its cheaper standard tier, and rebranding a pricier version as the new default for anyone who wants the full toolkit.

Beyond these headline increases, software companies have become increasingly creative about extracting more money without technically raising the sticker price, a practice sometimes called shrinkflation. Standard features quietly get moved into higher, costlier pricing tiers. The number of API calls a customer is allowed gets reduced. Monthly usage credits expire before they can be fully used, forcing customers to either upgrade or simply lose value they already paid for.
Atlassian’s Rovo platform, for example, caps users at 25 credits a month. Adobe’s Firefly platform uses non-rollover credits that get consumed faster for more advanced generative tasks. Microsoft, in its mid-2026 updates, bundled tools like Copilot Chat, Defender, and Intune into existing subscription tiers, using the bundling itself as justification for a higher overall list price, forcing organisations to pay for features many of them never asked for, or needed. Companies trying to build custom AI tools on Microsoft’s Copilot Studio platform face a flat $200 monthly fee capped at 25,000 messages, with anything beyond that triggering metered overage charges.

The cumulative effect of all this is a corporate software bill that grows substantially every year, regardless of whether the underlying product has actually improved.

The Privacy Shock
The financial squeeze on its own would already be reason enough for companies to rethink their cloud dependence. But it has been compounded by something arguably more serious. There is a deep erosion of trust around what platforms actually do with the data their customers store on them.

The rise of generative AI has created an almost insatiable demand for training material. Large language models need enormous quantities of text to learn from, and some of the richest, most detailed text in existence sits quietly in the documents, internal chats, and notes that businesses store on cloud platforms every single day. Several major vendors have been caught treating this material as fair game for their own AI ambitions, often without making that intention obvious to the customers footing the bill.

A widely cited Stanford study found that several leading AI developers feed user conversational data back into their own models by default, relying on lengthy data retention periods, and offering very little clarity about how customers can actually opt out. Even Anthropic, the company behind Claude, changed its terms of service in September 2025 to train its models on user conversations by default, unless customers actively chose to opt out themselves.

Slack faced its own wave of public backlash after users discovered that its privacy terms permitted the company to scan messages and files in order to train machine learning models. Customers were automatically enrolled into this without any active choice, and had to email a specific address to request removal, a process most users never even knew existed until it was reported on. Slack later clarified that its newer AI features rely on outside large language models rather than directly retraining on raw private message content, but for many businesses, the explanation arrived only after the trust had already been damaged.

Adobe ran into a similar storm. An update to its terms of use appeared to grant the company access to active, in-progress user files through both automated and manual review processes. Designers and creators working under strict client confidentiality agreements suddenly realised that unpublished, unreleased work sitting in their Adobe cloud storage could potentially be scanned. Adobe later clarified that its main generative tool, Firefly, is not trained on customer cloud files. That clarification did little to stop the fallout, and the company was hit with a shareholder lawsuit accusing its executives of misleading investors about how its AI training data was actually being sourced.

The starkest cautionary tale, however, is the story of Skiff. Skiff was a privacy-focused productivity startup that had built a loyal base of nearly two million users on the strength of its end-to-end encrypted email, calendar, and document storage. It had raised meaningful venture funding, including from Sequoia Capital, and represented exactly the kind of privacy-first alternative that security-conscious users were looking for. In February 2024, Notion acquired Skiff, and then chose to shut the entire product down.

Users were left scrambling to manually export their own email archives, contacts, and files, since automatic migration tools simply were not available. The transition itself became a case study in how not to handle an acquisition: promised email forwarding broke due to expired security certificates, customer support was replaced by unresponsive automated chat loops, and user-owned domains stopped functioning correctly.

For an audience that had specifically chosen Skiff because they cared about owning their own data, watching the company they trusted vanish almost overnight was a stark wake-up call.

The lesson these episodes left behind, across the developer and research communities, was simple and hard to unlearn: when your data lives on someone else’s server, it ultimately lives by their rules, not yours.

The Local-First Alternative
The response to all of this now has a name. It’s called local-first software. The term was formally defined back in 2019 by a research group called Ink and Switch, but the underlying instinct it captures, that your own files should belong to you first and foremost, is far older and has become newly urgent.

Local-first software is built on one simple, almost old-fashioned principle. Your files live on your own device first. The hard drive of your computer, tablet, or phone is treated as the primary, authoritative home for your data. Any synchronisation across multiple devices, or any sharing with collaborators, happens quietly in the background over the network, as a secondary convenience rather than as a precondition for the software to work at all.

This distinction matters enormously in practice. If the software company behind the app goes out of business, your files remain exactly where they were, fully readable. If your internet connection drops, you can keep working without interruption. If the vendor changes its terms of service, hikes its prices overnight, or gets quietly acquired and shut down, none of that changes what is already sitting safely on your own hard drive.

The clearest real-world example of this model working at scale is Obsidian, a note-taking and knowledge management application now used by over 1.5 million people every month. Obsidian stores everything as plain text Markdown files inside a folder on your own computer, what the app calls a vault. There is no proprietary file format, and no cloud lock-in involved. Any basic text editor on any device can open these files, with or without Obsidian installed.

When Obsidian introduced a new feature called Bases in 2025, which lets users build searchable, structured databases directly from their notes, many longtime Notion users found they could finally replicate everything they relied on Notion for, except now it all lived entirely on their own machine.

Obsidian generates revenue through optional paid add-ons, like encrypted cross-device syncing, priced between $48 and $96 a year, and a separate publishing feature. But the core application itself remains free, including for full commercial and enterprise use, after the company relaxed its licencing terms.

Independent security firms have audited the underlying architecture and confirmed its claims. When users do choose to sync their notes across devices, the files are encrypted directly on their own device before they ever leave it, which means even Obsidian’s own servers are mathematically incapable of reading the contents.

Where Governments Come In
This move toward local control is not limited to individual users or small companies. Governments, particularly across Europe, are now pushing hard to bring entire categories of national and corporate data infrastructure back under their own legal jurisdiction.

The distinction driving this effort is a subtle but important one. The difference between data residency and data sovereignty. Data residency simply means your data physically sits on a server located in a particular country. Data sovereignty means that data is actually governed by that country’s own laws, and meaningfully protected from interference by foreign governments, which is a much higher bar.

Under existing American law, US technology companies can be legally compelled to hand over data stored on their servers anywhere in the world, including servers physically located inside Europe. This creates a genuine problem for European organisations relying on American cloud platforms, no matter where those platforms’ physical data centres happen to be.

France has responded by formalising a framework that requires government bodies and operators of critical national infrastructure to host sensitive data exclusively on cloud services that meet strict, French-controlled standards. The requirements include European legal control over the provider, European-based management of encryption keys, and an entirely EU-based staff.

In response, major American technology giants have formed European joint ventures specifically to meet these requirements, including a Microsoft partnership with Orange and Capgemini inside France, and a Google partnership with the defence contractor Thales.

Amazon went a step further, opening a dedicated European Sovereign Cloud in Germany in January 2026. It was built as a legally and operationally separate entity from Amazon’s global cloud business, staffed exclusively by EU residents, and specifically engineered to insulate customer data from American legal jurisdiction.

Germany’s Hetzner and DanubeData, alongside France’s OVHcloud and Scaleway, offer virtual private servers, managed databases, and object storage at 40% to 70% lower cost than AWS, Google Cloud, or Microsoft Azure. Because these providers are headquartered and operated entirely within European jurisdictions, they sidestep the complex data transfer assessments that come with using American platforms, and crucially, they fall outside the reach of US surveillance law.

For cost-sensitive startups and mid-market developers, this combination of cheaper pricing and cleaner legal standing has made them an increasingly default choice rather than a niche one.

At the government level, the stakes are higher, and the providers more specialised. Bleu, a joint venture between Capgemini and Orange, delivers Microsoft Azure and Microsoft 365 services hosted entirely within France, operated by EU citizens, and built specifically to meet SecNumCloud 3.2, the French government’s strict cloud security qualification. Bleu is designed for public administrations, and so-called ‘Operators of Vital Importance’, the institutions running hospitals, utilities, and other critical infrastructure.

A similar logic applies to S3NS, a French entity formed by Google in partnership with defence contractor Thales, also structured around SecNumCloud compliance.

In Germany, Delos Cloud, an SAP subsidiary, has been built to satisfy federal sovereignty requirements for government workloads.

At the most sensitive end of the spectrum sits Google Distributed Cloud (GDC), which can run fully air-gapped, physically isolated from the public internet. This mode is built for governments and intelligence agencies that require absolute immunity from remote shutdowns or foreign data extraction, allowing classified workloads to run entirely on sovereign, disconnected infrastructure.
A Recalibration, Not a Rejection

None of this means the cloud is going away, nor should it. Collaborative, real-time tools still make perfect sense for a great deal of everyday business work. But the old assumption that cloud-first automatically means best-first is no longer something organisations can take for granted.

For companies and individuals generating sensitive research, proprietary analysis, or client-confidential work, the question of where exactly that data lives, and precisely who else can access it, has become a genuine strategic decision rather than a default setting nobody bothers to question. The tools needed to answer that question differently are now mature, widely available, and in many cases, considerably cheaper than the cloud subscriptions they are quietly replacing.

What's New

European banks have been banking on borrowed time

‘Premature to declare a full recovery for Wall Street’

Argentina’s Chainsaw Balance Sheet at a Crossroads

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.